Over 20,000 Data Center Apps At Risk Of Attack: Security Report
Cyble Research Labs found more than 20,000 web instances of data center software applications vulnerable to cyberattackers, including data center infrastructure management offerings from APC by Schneider Electric, Device42, Sunbird and Vertiv.
A new Cyble Research Labs investigation found that more than 20,000 web instances of various data center management and monitoring products—from intelligent monitoring software to thermal cooling management control systems—are exposed to cyberattackers over the internet.
The cybersecurity report found accessible instances of data center infrastructure management (DCIM) and monitoring offerings from APC by Schneider Electric, Device42, Sunbird and Vertiv. Many of these exposures stem from applications that are still protected only by default passwords.
“While researching the scope of vulnerabilities exploitable to damage data centers, Cyble Research Labs found multiple DCIM software, intelligent monitoring devices, thermal cooling management control systems and rack power monitors vulnerable to cyberattacks. Furthermore, the Labs’ scanners and ‘Google dorks’ investigation found that globally 20,000-plus instances and products of various vendors dealing with data centers and their operations are public-facing,” said Cyble in its new cybersecurity report. “Hence, it is highly likely to experience increasing cyberthreats towards data centers worldwide.”
As the largest cloud vendors, colocation companies and private equity firms pour billions into building new or larger data centers, DCIM software is key to visualizing, managing and controlling the core infrastructure within data centers, such as routers, switches and servers, as well as components such as cooling systems, UPS systems, sensors and server rack monitoring power distribution unit systems. Overall, DCIM gives businesses a complete view of a data center.
Unfortunately, many DCIM software applications can be easily accessed because the products are still secured with factory default passwords, according to Cyble’s new report.
Vulnerable Vendors: APC, Device42, Sunbird, Vertiv
Cyble said cyberattackers could access Sunbird’s dcTrack DCIM software, giving a hacker access to the admin console, which controls everything the dashboard manages, including power, connectivity, settings and reports, as well as the ability to reset the applications. For example, the researchers said hackers could manipulate the temperature and humidity of the racks installed at the data center. “This action can cause a severe impact on the servers installed in the rack as they will overheat and [be] damaged,” Cyble said in its report.
Vertiv’s Liebert CRV iCOM is a data center cooling offering that integrates within a row of data center racks. The cybersecurity researchers were able to find several web instances of Liebert CRV iCOM that are still using the default passwords to secure the critical data center assets.
“As a result, hackers and other malicious threat groups can quickly access cooling units of the data center and overheat the data units,” said Cyble regarding Vertiv CRV iCOM. “As cyberespionage campaigns are increasing all over the globe, having these unprotected web consoles over the surface net increases the risk of cyberattack exponentially.”
Cyble was able to find public-facing Device42 data center management software running on default admin passwords. Device42 provides agentless and automatic discovery of all data center assets, including physical, virtual and cloud components. “These findings are critical as a hacker having access to the DCIM software has multiple attack options on the data center,” said the cybersecurity researchers. “If a malicious attacker gets access to the administrator dashboard, they can monitor IPs from the Device42 DCIM dashboard.”
Cyble was able to access APC’s Smart-UPS instances found over the internet, which were still running factory default passwords. If a hacker gained control over these consoles, they could turn the UPS off, reboot it or put it in sleep mode, as well as delete logs and traces from the console.
“Having access to these sensitive settings can harm the critical assets of the data center dependent on Smart-UPS,” said the cybersecurity researchers.
What Needs To Be Done
The cybersecurity researchers say that as global data centers become faster, smarter and highly scalable, they are at greater risk of cyberattacks.
“As data centers work with the collaboration of multiple technologies and software’s vulnerabilities, loopholes can be easily found by malicious hackers. Moreover, data centers are rapidly upgrading,” said Cyble. “Hence, hackers are exploring new vectors to bypass the security parameters.”
To solve these massive security issues, Cyble recommends focusing on password management, stronger access controls, regular patching, segmentation of networks, regular data center audits, constant assessment and monitoring of public-facing systems, as well as enrolling in cybersecurity awareness programs for employers and managers to understand the growing and emerging threats in the cyber world.